
Cisco Offers New WLAN Security Protocol

Cisco Systems has released EAP-FAST, a new WLAN authentication protocol that uses protected access credentials to establish a tunnel between a client and server.

Cisco Systems Inc. on Tuesday released a new protocol for authentication in an effort to help protect customers from security deficiencies in existing protocols, chiefly one developed years ago by Cisco.

Known as EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling), the new protocol differs from Cisco's LEAP (Lightweight Extensible Authentication Protocol) in that it doesn't use digital certificates for authentication. Instead, EAP-FAST uses protected access credentials to establish an authenticated tunnel between a client and a server. Once the tunnel is in place, the client sends a username and password to the server to identify and authenticate itself.

This system is designed to guard against a variety of common attacks during the authentication process, including dictionary attacks and man-in-the-middle attacks, which are commonly used against networks employing LEAP.

LEAP is used mainly to authenticate users on wireless LANs, where the wireless access point serves as the RADIUS server.

Cisco, based in San Jose, Calif., has had EAP-FAST in development for some time and has submitted the protocol to the Internet Engineering Task Force as an Internet-Draft. The company was spurred to make the protocol available now by the impending release of a tool for attacking EAP-protected networks. The tool, called Asleap, recovers weak LEAP passwords by performing a dictionary attack against them. This involves simply reading through a massive file of common words and trying them as the password.

The tool's author, Joshua Wright, first discussed the problems with LEAP and his development of Asleap in a presentation at the Def Con 11 hacker conference last summer. Since then, he has refined the tool quite a bit.

In his documentation for Asleap, Wright says that Cisco asked him to delay the release of the tool until the company could finish testing and release EAP-FAST. He agreed and says he released Asleap last week in order to motivate Cisco customers to migrate away from LEAP.